
SolarWinds Orion Secrets Dump

Disclosed
2022-11-08
Created
2022-12-20

Description

This module exports and decrypts credentials from SolarWinds Orion Network
Performance Monitor (NPM) to a CSV file; it is intended as a post-exploitation
module for Windows hosts with SolarWinds Orion NPM installed. The module
supports decryption of AES-256, RSA, and XMLSEC secrets. Separate actions for
extraction and decryption of the data are provided to allow session migration
during execution in order to log in to the SQL database using SSPI. Tested on
the 2020 version of SolarWinds Orion NPM. This module is possible only because
of the source code and technical information published by Rob Fuller and
Atredis Partners.

Authors

npm <npm@cesium137.io>
Rob Fuller

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use post/windows/gather/credentials/solarwinds_orion_dump
msf post(solarwinds_orion_dump) > show actions
...actions...
msf post(solarwinds_orion_dump) > set ACTION <action-name>
msf post(solarwinds_orion_dump) > show options
...show and set options...
msf post(solarwinds_orion_dump) > run
